Port Scanner

Open: A service is actively listening on the port and the TCP connection succeeded. Closed: The port is not open — either no service is running on that port, or a firewall is dropping/rejecting packets. This tool uses TCP connect scanning — if the connection is established within the timeout, the port is marked open.

Port scanning your own servers is always legal. Scanning third-party servers without permission may be illegal in many jurisdictions and is a violation of most hosting terms of service. This tool is intended for scanning your own public-facing servers to audit your firewall configuration. Only scan servers you own or have explicit permission to test.

Each closed/filtered port must wait for a TCP connection timeout (1.5 seconds per port in this tool). For the Top 50 preset, a host with mostly closed ports could take up to 75 seconds. Open ports respond instantly. Firewalls that drop packets (rather than send a TCP RST) cause the most delay. Use the "Common" preset for faster results.

For a web server, you typically want port 80 (HTTP) and 443 (HTTPS) open, and everything else closed. Common security concerns: port 22 (SSH) should be restricted to known IPs, port 3306 (MySQL) and 5432 (PostgreSQL) should never be publicly open, port 3389 (RDP) is a frequent brute-force target. Open database and admin ports on public servers are a serious security risk.

scanme.nmap.org is a server maintained by the Nmap project specifically for port scanning tests. It has explicit permission for the public to scan it, making it a safe target for testing port scanners. Ports 22 and 80 are intentionally open on that host.